Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together

1,001 views

This presentation explains how security teams can leverage hunting and analytics to detect advanced threats faster, more reliably, and with common analyst skill sets. Watch the presentation with audio here: http://info.sqrrl.com/threat-hunting-and-ueba-webinar

Published in: Software

  1. Threat Hunting and UEBA: Similarities, Differences, and How They Work Together. Speakers: Greg Schaffer, FirstBank CISO; Luis Maldonado, Sqrrl VP of Products. Sponsor:
  2. © 2017 Security Current. Speakers: Greg Schaffer, First Bank CISO; Luis Maldonado, Sqrrl VP of Products
  3. About CISOs Investigate: Peer-authored Research. Authored by Chief Information Security Officers, CISOs Investigate is an ongoing series that offers first-hand insights to security leaders as they make business-driven technology decisions.
  4. About CISOs Investigate: CISO-authored Research
  5. Unpacking the Report
  6. A CISO Looks at the History of UBA: "A risk-based approach is highly recommended in order to gain some quick wins. Generally, this starts by looking at privileged access to various applications." - James Beeson, Chief Information Security Officer and IT Risk Leader, GE Capital Americas
  7. Technology Overview – Core Features: • Incorporating user behavior beyond simple login • Behavioral analytics connects the past (baseline), the present (event) and future (pre-direction)
  8. Key Considerations: • Control Aspects • Risk Assessment Tool • Baseline • Compliance • Staffing • Use Cases • Challenges
  9. Takeaways: • Effective Across Industries • A Win-Win for CISOs • A Natural Fit for Risk-based Security
  10. Case Study – Oppenheimer & Co – Henry Jiang, CISO: • Company Overview • Business Use Cases • Technology • Business Goals • Recommendations and Advice
  11. Threat Hunting and UEBA
  12. © 2017 Sqrrl Data, Inc. All rights reserved. Analytics Perspective: UBA, UEBA, Behavioral Analytics
  13. Hunting Tools: Visualization Analytics Data Aggregation Collaboration
  14. Hunting: Proactive, Iterative, Human-driven, Analytical
  15. Challenges Driving Hunting Investment
  16. The Value of Hunting
  17. Threat Hunting Maturity Model
  18. SOC Detection Processes (“Loops”): Detection Improvements Observe Alert Validate Hunting Plan Test Content Development Automated Detection Rules & Analytics Discover Hypothesize Compare Implement Revise Investigate Enrich
  19. Threat Hunting Loop
  20. Analytics in the Hunting Loop: Analytics help provide a starting point for hunts
  21. Analytics in the Hunting Loop: Investigation aided by analytic techniques
  22. Analytics in the Hunting Loop: Identify behavioral patterns
  23. Analytics in the Hunting Loop: Analytics are created from the results of the hunt
  24. Sqrrl’s Approach to Behavioral Analytics: Detection of kill chain-oriented Tactics, Techniques, and Procedures of adversaries rather than only general anomalies
  25. Uniting UEBA and Hunting
  26. Sqrrl Threat Hunting Platform
  27. CISO-authored UBA Buyer's Guide (info.sqrrl.com/download-uba-guide). User & Entity Behavior Analytics. What's included in this: • Real-world insights from CISOs who already deployed tools • Case studies to highlight importance of UBA technology • A RFI template developed by the CISOs
  28. The Heart of Next-Generation Threat Hunting (info.sqrrl.com/download-ueba-ebook). User & Entity Behavior Analytics. What's included in this: • What you need to know about advanced behavioral analytics • How it can automate and revolutionize threat hunting • How to use it for streamlined threat detection practices
  29. Q&A